As Democrats gather, Russian subplot over emails adds intrigue

Originally published July 24, 2016 at 8:50 pm
Updated July 25, 2016 at 8:23 am

The release Friday of some 20,000 stolen emails from the Democratic National Committee’s computer servers, many of them embarrassing to Democratic leaders, has intensified discussion of the role of Russian intelligence agencies in disrupting the 2016 campaign.

An unusual question is capturing the attention of cyberspecialists, Russia experts and Democratic Party leaders in Philadelphia: Is Vladimir Putin trying to meddle in the U.S. presidential election?

Until Friday, that charge — with its eerie suggestion of a conspiracy drawn up in the Kremlin to aid Donald Trump — had been only whispered.

But the release Friday of some 20,000 stolen emails from the Democratic National Committee’s (DNC) computer servers, many of them embarrassing to Democratic leaders, has intensified discussion of the role of Russian intelligence agencies in disrupting the 2016 campaign.

The emails, released by WikiLeaks, exposed the degree to which the Democratic apparatus favored Hillary Clinton over her primary rival, Sen. Bernie Sanders of Vermont, and triggered the resignation of Debbie Wasserman Schultz, the DNC chairwoman, on the eve of the convention’s first day.

Proving the source of a cyberattack is difficult. But all the forensic evidence points toward Russian intelligence agencies as the perpetrators of the theft of the DNC emails, given close similarities between this attack and previous Russian cyberoperations.

It is less clear who gave the emails to WikiLeaks, but the same agencies are the prime suspects. Whether the leaks were ordered by Putin, or just designed by apparatchiks who thought it might please him, is anyone’s guess.

On Sunday morning, the issue erupted, as Clinton’s campaign manager, Robby Mook, argued on ABC’s “This Week” that the emails were leaked “by the Russians for the purpose of helping Donald Trump,” citing “experts” but offering no evidence.

Mook also suggested the Russians might have good reason to support Trump. The Republican nominee indicated in an interview with The New York Times last week that he might not back NATO nations if they came under attack from Russia — unless he was first convinced that the countries had made sufficient contributions to the Atlantic alliance.

Trump has also said he would like to “get along with Russia” if he is elected, and complimented Putin, saying he is more of a leader than President Obama.

Putin has, in turn, praised Trump.

But Trump campaign officials Sunday strongly rejected any connections between their candidate and cyberefforts to undermine the Democrats.

“Are there any ties between Mr. Trump, you or your campaign and Putin and his regime?” George Stephanopoulos, of “This Week,” asked Paul Manafort, Trump’s campaign chairman.

But the theft would be among the most important state-sponsored hacks yet of a U.S. organization, rivaled only by the attack on Sony, which Obama blamed on North Korea. There, too, embarrassing emails were released, but they had no political significance.

The WikiLeaks release, however, has more of a tinge of a Russian-style information war, in which the intent is to alter political events.

Exactly how, though, is a bit of a mystery, apart from embarrassing Democrats and further alienating Sanders’ supporters from Clinton.

Evidence suggests that the cyberattack was the work of at least two separate, often competing agencies, each apparently working without the knowledge that the other was inside the Democrats’ computer systems.

It is unclear how WikiLeaks, best known for its 2010 release of State Department cables when Clinton was secretary of state, obtained the email trove. But the presumption is the intelligence agencies turned it over, either directly or through an intermediary.

Moreover, the timing of the WikiLeaks release, between the end of the Republican convention and the beginning of the Democratic one, seems too well-planned to be coincidental.

Trump himself leapt on the news Saturday. In a Twitter message he wrote: “Leaked emails of DNC show plans to destroy Bernie Sanders. Mock his heritage and much more. On-line from Wikileakes, really vicious. RIGGED.”

The experts cited by Mook include CrowdStrike, a cybersecurity firm that was brought into the DNC when officials there suspected they had been hacked.

In mid-June the company announced that the intruders appeared to include a group it had previously identified by the name “Cozy Bear” or “APT 29” and had been inside the committee’s servers for a year.

A second group, “Fancy Bear,” also called “APT 28,” came into the system in April. It appears to be operated by the GRU, the Russian military intelligence service.

The first group is particularly well known to the FBI’s counterintelligence unit, the CIA and other intelligence agencies. It was identified by federal investigators as the likely culprit behind years of intrusions into the State Department and White House unclassified computer system, which had included the copying of thousands or tens of thousands of emails.

Officials at several firms who have examined the code for the malware used against the DNC — all based on the same single sample released by CrowdStrike — say they saw evidence of Russian language and other strong forensic hints that the malware was made in that country.

Intrusions like that for intelligence collection are hardly unusual, and the United States often does the same, stealing emails and other secrets from intelligence services and even political parties.

But the release to WikiLeaks adds another strange element, because it suggests that the intelligence findings are being “weaponized” — used to influence the election in some way.